Guest Post – Information Governance and the Social Enterprise

Information Governance and the Social Enterprise
by Robert Cruz, Senior Director, Product Marketing of Actiance, Inc.

Another terrific gathering of information governance and records management thought leaders at the MER Conference and the IGI’s awesome Chief Information Governance Officer (CIGO) Summit in Chicago.

MER provided a great opportunity to present our thoughts on “Information Governance and the Social Enterprise”, reflecting upon the massive changes underway in the ways that organizations are communicating and collaborating through tools like Slack, WeChat, Skype for Business, and a dizzying number of new messaging tools appearing almost daily. This was not exactly mainstream MER content, leading to quite a few comments and inquiries before the session along the lines of:

“what does social media have to do with records management?”

“is there an information governance for the anti-social enterprise?”

“we don’t govern social content… our policy is to block it”

Which I attempted to address during the session, and will summarize here.

Key Point 1: Your employees are using LinkedIn, Twitter, Skype for Business – and WhatsApp and WeChat.

Today, more organizations are sanctioning the use of LinkedIn to reach prospects. They’re enabling Skype for Business conversations with customers that include video, voice, messaging, and app sharing. They are engaged in selling efforts with information delivered uniquely across mobile devices. In fact, one major bank indicates that they sent more IM than email last year. A recent survey from PwC indicates that more than 40% of respondents indicated a social media presence is important in their choice of a health care provider. And, today, WeChat has over 1 billion users around the world. Great, but why does this matter? It matters because governance is about managing information according to its value or risk. And the reality today is that more firms and employees are communicating and collaborating on channels outside of managed email and content management repositories – in some cases over channels that are not currently under governance controls.

Key Point 2: This is not just an issue for regulated companies. Business records are everywhere.

The idea that one can control social media or encrypted instant messaging tools is a new concept for some. And while it is true that regulated firms have progressed further with the idea of proactively capturing these non-email content sources to meet industry retention requirements, they are not alone. Public corporations should take note of SEC regulation Fair Disclosure (FD) and the case of Netflix. All organizations are no doubt aware of employment and contract laws and personal data privacy protections. The key point being that social content can not only trigger regulatory action based upon misuse, but also as a source in US civil litigation where judges are ruling that social and messaging sources are discoverable, and where those who haven’t taken appropriate steps to preserve these sources have suffered the consequences. Unfortunately, the reality of business records expressed as 140 character Tweets has arrived (and, yes, even excluding those emanating from Pennsylvania Avenue at 2:30am)

Key Point 3: Your policies should be applicable to your communication tools.

Have you touched your employee communications or records retention policies lately? If not, it may be time to ensure that your policies are keeping up with the ways individuals are doing their job today. Policies designed for email may need to reviewed to ensure these rich tools can be used by specific job holders. Similarly, retention policies may be worth a touch up as you consider the possibility that a conversation that includes information covered under a non-disclosure may be taking place right now on Skype for Business.

Key Point 4: Your governance tools must be designed for today’s communications.

Equally important, organizations should be asking whether the technologies they currently use to capture, retain, supervise, and discover business records (or data that might be responsive to civil litigation) were designed for the communications of a different era. Those continuing to leverage technology designed 10-15 years ago may be in for a big headache the first time a large legal matter or regulatory inquiry arrives that requires the review and production of social media, instant messaging, or voice communication.

We look forward to continuing to help organizations meet these new InfoGov challenges created as your organization’s patterns of communication and collaboration continue to evolve.